Introduction

Lecture

Lecture from Network

ZFS video

FreeBSD EuroCon 2019

FreeBSD ASIANBSDCON 2018

FreeBSD ASIANBSDCON 2017

Tweaking a Running Kernel

Tuning tips

How to Become a FreeBSD Committer

Introduction to Kernel porting

Boot kernel

Kernel porting tips

Do you like backdoors ?

Kernel Porting to ARM Board

NetBooting ARM/MIPS

FreeBSD Kernel for beringer

Kernel Debug, BackTrace

Extended firmware interface (Efi)

Build ports

Reference

Portmaster

portmaster -L - List installed ports and check for available updates
portmaster -a - Upgrade all ports
portmaster -af - Rebuild all installed ports

Build ports with Poudriere

Create a ports tree for poudriere

poudriere ports -c

Configure poudriere (file system, RAM, etc.) in

/usr/local/etc/poudriere.conf

List port tree

poudriere ports -l

PORTSTREE METHOD   TIMESTAMP           PATH
default   portsnap 2019-07-10 21:47:49 /usr/local/poudriere/ports/default

Create a jail for the build that matches the target system

poudriere jail -c -j freebsd_11-2x64 -v 11.2-RELEASE -a amd64

List the jails

sudo poudriere jail -l

JAILNAME        VERSION          ARCH  METHOD TIMESTAMP           PATH
freebsd_11-2x64 11.2-RELEASE-p11 amd64 ftp    2019-07-10 20:48:07 /usr/local/poudriere/jails/freebsd_11-2x64

Copy your port files to /usr/local/poudriere/default/ and then build the port, for example

sudo poudriere testport -o lang/halide -j freebsd_11-2x64

Debug ports

Put the following line in /etc/make.conf, then recompile the port to get debug symbols.

WITH_DEBUG=    yes

more information in

/usr/ports/Mk/bsd.port.mk

Debug Makefile

Debug makefile for your port

make -d A

Jails

Debian in FreeBSD Jail

Hard way with Jail

Work with jails

Simple script to create a jail on a ZFS filesystem

#!/bin/sh
 
########################################################################
# Download amd64 base, ports tree FreeBSD OS
# and unpack base OS to your jail folder
########################################################################
 
set +x
 
name_jail="freebsd11_2"
arch_jail="amd64"
version_jail="11.2-RELEASE"
 
# Create new zfs dataset for jail - only once
#zfs create -o mountpoint=/usr/local/jails zroot/jails
 
# Create jail folder
zfs create zroot/jails/$name_jail
 
# -f: do not fail when the files are not there yet
rm -f /tmp/base.txz
rm -f /tmp/ports.txz
 
echo "Fetching package from FreeBSD server ..."
 
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/base.txz -o /tmp/base.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/ports.txz -o /tmp/ports.txz
 
mkdir -p /usr/local/jails/$name_jail
 
echo "Unpacking Freebsd base OS ..."
tar -xf /tmp/base.txz -C /usr/local/jails/$name_jail
tar -xf /tmp/ports.txz -C /usr/local/jails/$name_jail
 
cp /etc/resolv.conf /usr/local/jails/$name_jail/etc
 
echo "Done"

The same script for an i386 jail:

#!/bin/sh
 
########################################################################
# Download i386 base, ports tree FreeBSD OS
# and unpack base OS to your jail folder
########################################################################
 
set +x
 
name_jail="freebsd386"
arch_jail="i386"
version_jail="11.2-RELEASE"
 
# Create new zfs dataset for jail - only once
#zfs create -o mountpoint=/usr/local/jails zroot/jails
 
# Create jail folder
zfs create zroot/jails/$name_jail
 
# -f: do not fail when the files are not there yet
rm -f /tmp/base.txz
rm -f /tmp/ports.txz
 
echo "Fetching package from FreeBSD server ..."
 
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/base.txz -o /tmp/base.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/ports.txz -o /tmp/ports.txz
 
mkdir -p /usr/local/jails/$name_jail
 
echo "Unpacking Freebsd base OS ..."
tar -xf /tmp/base.txz -C /usr/local/jails/$name_jail
tar -xf /tmp/ports.txz -C /usr/local/jails/$name_jail
 
cp /etc/resolv.conf /usr/local/jails/$name_jail/etc
 
echo "Done"
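
The scripts above unpack base.txz and ports.txz straight after an ftp:// download, with no integrity check. The following is an added example, not part of the original page: it checks an archive against the MANIFEST file published in the same release directory before extracting it. Assumptions: the MANIFEST is tab-separated with the file name in column 1 and the SHA-256 in column 2, the function names are made up for this example, and the MANIFEST itself was obtained over a channel you trust (a MANIFEST fetched over the same plain FTP connection only detects corruption, not tampering).

```shell
#!/bin/sh
# sha256_of FILE: print the SHA-256 of FILE as lowercase hex.
# FreeBSD ships sha256(1); the sha256sum fallback only lets the example run elsewhere.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# verify_dist MANIFEST FILE
# Returns 0 when FILE's hash equals the MANIFEST entry for its base name,
# 1 on a mismatch, 2 when there is no entry or the file cannot be hashed.
verify_dist() {
    manifest=$1
    file=$2
    name=$(basename "$file")
    want=$(awk -F'\t' -v n="$name" '$1 == n { print $2; exit }' "$manifest")
    [ -n "$want" ] || { echo "no MANIFEST entry for $name" >&2; return 2; }
    have=$(sha256_of "$file") || return 2
    if [ "$have" != "$want" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
}

# unpack_verified MANIFEST FILE DESTDIR: extract only after the check passed.
unpack_verified() {
    verify_dist "$1" "$2" || return
    tar -xf "$2" -C "$3"
}
```

In the jail scripts, a call such as unpack_verified /tmp/MANIFEST /tmp/base.txz /usr/local/jails/$name_jail (with /tmp/MANIFEST as a hypothetical download location) would replace the bare tar -xf line.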

/etc/jail.conf

# /etc/jail.conf

# Global settings applied to all jails.

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
allow.raw_sockets;

# The jail definition for freebsd386
freebsd386 {
    host.hostname = "freebsd386.domain.local";
    path = "/usr/local/jails/freebsd386";
    interface = "lagg0";
    ip4.addr = 10.0.2.15;
}

Packet forwarding

/etc/pf.conf

# /etc/pf.conf
#Define the interfaces
ext_if = "em0"
int_if = "lagg0"
jail_net = $int_if:network

#Define the NAT for the jails
nat on $ext_if from $jail_net to any -> ($ext_if)

Run jail

bsd@ ~> sudo jail -c freebsd386
bsd@ ~> jls
bsd@ ~> sudo jail -m jid=1 (number of jail)

Desktop tips

Sound

Steam on FreeBSD

Bitcoin Full Node

Tuning Power Laptops

Optimus on Freebsd - Hot fix

Comment out Nvidia-related parts from your xorg.conf :

...

Section "Device"
    Identifier  "Card0"
    Driver      "intel"
    BusID       "PCI:0:2:0"
EndSection

#Section "Device"
#   Identifier  "Card1"
#   Driver      "nvidia"
#   BusID       "PCI:1:0:0"
#EndSection

...

Then add the following bits to rc.conf(5) :

kld_list='i915kms'

NTPD synchronize

ntpdate_enable="YES"
ntpdate_hosts="in.pool.ntp.org"

Or manually update time and date

With securelevel set to 2, the time can only be changed by up to one second.

ntpdate -b pool.ntp.org
sudo service ntpd start

Disable Beep

# sysctl hw.syscons.bell=0

or if you use XFCE

set bell-style none

Change standard shell to fish

You must add a line for the shell to /etc/shells, for example for the fish shell

/usr/local/bin/fish

Change your login shell, giving the path to your favorite shell

chsh -s /usr/local/bin/fish

Aliases

Paths for shell

If you need paths or options for tools such as the compiler, set them as environment variables, for example

# ASAN settings
# Runtime options go into ONE variable, separated by colons;
# repeated "set -x ASAN_OPTIONS ..." lines would overwrite each other.
set -x ASAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x ASAN_OPTIONS verbosity=1:symbolize=1:detect_stack_use_after_scope=1

# UBSAN settings
set -x UBSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x UBSAN_OPTIONS verbosity=2

# MSAN
# Origin tracking is a compile-time flag (-fsanitize-memory-track-origins=2),
# not a runtime option, so it does not belong in MSAN_OPTIONS.
set -x MSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x MSAN_OPTIONS verbosity=2:symbolize=1

Nano tuning

set constantshow
set smooth
set autoindent
set casesensitive
set historylog
set morespace

syntax "comments" ".*"
color blue "^#.*"

## nanorc files
include "/usr/local/share/nano/asm.nanorc"
include "/usr/local/share/nano/awk.nanorc"
include "/usr/local/share/nano/c.nanorc"
include "/usr/local/share/nano/cmake.nanorc"
include "/usr/local/share/nano/css.nanorc"
include "/usr/local/share/nano/debian.nanorc"
include "/usr/local/share/nano/fortran.nanorc"
include "/usr/local/share/nano/gentoo.nanorc"
include "/usr/local/share/nano/groff.nanorc"
include "/usr/local/share/nano/html.nanorc"
include "/usr/local/share/nano/java.nanorc"
include "/usr/local/share/nano/makefile.nanorc"
include "/usr/local/share/nano/man.nanorc"
include "/usr/local/share/nano/mgp.nanorc"
include "/usr/local/share/nano/mutt.nanorc"
include "/usr/local/share/nano/nanorc.nanorc"
include "/usr/local/share/nano/objc.nanorc"
include "/usr/local/share/nano/ocaml.nanorc"
include "/usr/local/share/nano/patch.nanorc"
include "/usr/local/share/nano/perl.nanorc"
include "/usr/local/share/nano/php.nanorc"
include "/usr/local/share/nano/pov.nanorc"
include "/usr/local/share/nano/python.nanorc"
include "/usr/local/share/nano/ruby.nanorc"
include "/usr/local/share/nano/sh.nanorc"
include "/usr/local/share/nano/tcl.nanorc"
include "/usr/local/share/nano/tex.nanorc"
include "/usr/local/share/nano/xml.nanorc"

QT Creator - Debugging

I cannot debug C/C++ programs because of the message "No symbol table is loaded. Use the "file" command" …

The best solution is to install devel/gdb and use the path /usr/local/bin/gdb

Touchpad

Touchpad reference

Mount

Mount msdosfs

# ls /dev/da*
# mount_msdosfs /dev/da0 /media/usb

ReMount /etc/fstab

mount -av

Mount ext2/ext3/ext4

Fuse-ext2 mounts an ext2/ext3/ext4 partition or image file

To check whether the fuse kernel module is loaded, use the command:

kldstat

If the fuse.ko module is not loaded in the kernel, load it with this command

kldload fuse

Then mount your partition

fuse-ext2  /dev/your_partition /media/

Mount NTFS

To mount an NTFS file system, the kernel module must be loaded.

To check whether the fuse kernel module is loaded, use the command:

kldstat

and load FUSE kernel module:

kldload fuse

and then you can mount ntfs filesystem.

# ls /dev/da*
# ntfs-3g  /dev/your_partition  /mnt/

Automounting Removable Media

Uncomment this line in the config file /etc/auto_master

/media        -media        -nosuid

Add lines to /etc/devd.conf

notify 100 {
    match "system" "GEOM";
    match "subsystem" "DEV";
    action "/usr/sbin/automount -c";
};

Reload service

service automount reload
service devd restart

and add this configuration to /etc/rc.conf

autofs_enable="YES"

Compiling programs

Simple setup

How to quickly set up a MySQL database

The first step is the installation

sudo pkg install mysql56-server

The next step is to enable it in /etc/rc.conf

sudo sysrc mysql_enable=yes

Remember to run mysql_upgrade the first time you start the MySQL server after an upgrade from an earlier version.

Now start the MySQL server

sudo service mysql-server start

then secure the database installation

sudo mysql_secure_installation

Introduction ZFS

Mount ZFS

zpool import

To check the result, use the mount command.

Mount ZFS from Live CD

zpool import -fR /media zroot

Tuning zfs on i386

On an i386 system you must set vm.kmem_size="512M" and vm.kmem_size_max=""; these are the minimal values.

A few tunables follow; more information at http://www.freebsd.cz/doc/handbook/zfs-advanced.html

vfs.zfs.prefetch_disable=0
vm.kmem_size="512M"
vm.kmem_size_max="768M"
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"

Resize partition

After adding space to a virtual disk (VirtualBox or other), gpart reports the disk as CORRUPT

lol@ ~/> gpart show ada0
=>      40  41942960  ada0  GPT  (39G) [CORRUPT]
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992      2008        - free -  (1.0M)

The fix is easy:

gpart recover ada0

Now we need to resize partition 3.

lol@ ~/> gpart show 
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> zpool list
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot  17.9G  17.3G   621M         -    76%    96%  1.00x  ONLINE  -

Because the device is busy, we have to set this value:

lol@ ~/> sysctl kern.geom.debugflags=16
kern.geom.debugflags: 0 -> 16

Now resize partition number 3

lol@ ~/> gpart show 
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)

lol@ ~/> sudo gpart resize -i 3 ada0

ada0p3 resized

lol@ ~/> gpart show 
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  77723608     3  freebsd-zfs  (37G)

Last step with zfs pool:

lol@ ~/> sudo zpool set autoexpand=on zroot
lol@ ~/> sudo zpool online -e zroot ada0p3 ada0p3

Check the space in the zpool. The size of zroot is now right.

lol@ ~/> zpool list
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot    37G  17.3G  19.7G         -    36%    46%  1.00x  ONLINE  -
lol@ ~/Desktop> sudo sysctl kern.geom.debugflags=0
kern.geom.debugflags: 16 -> 0

Virtualbox

VirtualBox in FreeBSD

Add the kernel module line to /boot/loader.conf

vboxdrv_load="YES"

Add this line for bridged or host-only networking to /etc/rc.conf

vboxnet_enable="YES"

Add your user to the group

pw groupmod vboxusers -m yourusername
chown root:vboxusers /dev/vboxnetctl
chmod 0660 /dev/vboxnetctl

To make the permissions permanent, add these lines to /etc/devfs.conf

own     vboxnetctl root:vboxusers
perm    vboxnetctl 0660

FreeBSD as guest Virtualbox

Write to /etc/rc.conf

vboxguest_enable="YES"
vboxservice_enable="YES"

Wifi and FreeBSD

How to setup WIFI card

pciconf -l - check whether the wifi hardware is detected
sudo ifconfig wlan0 create wlandev wpi0
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf

How to setup USB WIFI

Add kernel module to /boot/loader.conf

# Kernel module for wifi 
if_ath_load="YES"
if_iw_load="YES"

# Next wifi kernel modules
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"

Add these lines to /etc/rc.conf to configure your wifi device.

wlans_run0="wlan0"
create_args_wlan0="wlanmode sta country CZ indoor"

Check whether your hardware has a driver.

# Check whether the wifi hardware is detected (wpi, run0)
pciconf -l 

# Create a device with name wlan0
sudo ifconfig wlan0 create wlandev wpi0

# Start wpa_supplicant with a configuration file that contains the network SSID
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf

# Scan your wifi networks
ifconfig wlan0 up scan 
SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
lol        00:13:46:49:41:76   11   54M -90:96   100 EPS  WPA WME
trololo    00:11:95:c3:0d:ac    1   54M -83:96   100 EPS  WPA

# IP address from DHCP server
sudo dhclient wlan0

GELI

Install CD -> Partition -> Shell

gpart create -s gpt vtbd0
gpart add -t freebsd-boot -s 512k -a 4k vtbd0
gpart add -t freebsd-ufs -a 1M vtbd0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 vtbd0

geli init -b -g vtbd0p2
geli attach vtbd0p2

newfs -j /dev/vtbd0p2.eli
mount /dev/vtbd0p2.eli /mnt

- /tmp/bsdinstall_etc/fstab
/dev/vtbd0p2.eli / ufs rw,noatime 1 1

- /tmp/bsdinstall_boot/loader.conf
geom_eli_load="YES"

exit (installer will continue)

Change  /dev/vtbd0p2.eli to gptid/rawuuid (gpart list):
/dev/gptid/015ceb9a-90a4-11e6-b8fc-1392a9ed1847 / ufs rw,noatime 1 1

FreeBSD Kernel

Source code FreeBSD kernel

sudo pkg install subversion  
sudo svn checkout https://svn0.us-east.FreeBSD.org/base/stable/you_version_system /usr/src
svn up /usr/src

Profiling and debugging kernel

Performance observability tools

Kernel module

Simple kernel module.
https://github.com/Martinfx/FreeBSD-Kernel-module

FreeBSD Security

Security on FreeBSD

Add the securelevel and related hardening settings to /etc/sysctl.conf

kern.securelevel=2
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
net.inet.ip.random_id=1

more : http://www.freebsd.cz/doc/faq/security.html
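
To check a running system against the four values listed above, the following added example (not part of the original page) compares sysctl output with that baseline. The function name audit_sysctl is made up for this example; it reads "name: value" lines, the format FreeBSD's sysctl prints, on standard input, so it can be fed live output or a saved copy.

```shell
#!/bin/sh
# Baseline copied from the /etc/sysctl.conf lines on this page.
BASELINE='kern.securelevel=2 security.bsd.see_other_uids=0 security.bsd.stack_guard_page=1 net.inet.ip.random_id=1'

# audit_sysctl: read "name: value" lines on stdin, print one line per
# baseline entry that is missing or has a different value, and return 1
# if anything was reported (0 when the system matches the baseline).
audit_sysctl() {
    awk -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], kv, "=")
                order[i] = kv[1]
                want[kv[1]] = kv[2]
            }
        }
        {
            name = $1
            sub(/:$/, "", name)      # strip the colon sysctl prints after the name
            have[name] = $2
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) {
                    printf "MISSING %s (want %s)\n", k, want[k]
                    bad = 1
                } else if (have[k] != want[k]) {
                    printf "DRIFT %s: have %s, want %s\n", k, have[k], want[k]
                    bad = 1
                }
            }
            exit bad
        }'
}

# On a FreeBSD host:
#   sysctl kern.securelevel security.bsd.see_other_uids \
#          security.bsd.stack_guard_page net.inet.ip.random_id | audit_sysctl
```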

Enabling and Utilizing Process Accounting

Tracking information such as CPU statistics and executed commands.

touch /var/account/acct
chmod 600 /var/account/acct
accton /var/account/acct
echo 'accounting_enable="YES"' >> /etc/rc.conf

ACPI

IBM ACPI

If you use a notebook, it is better to enable the ACPI driver in /boot/loader.conf. For IBM notebooks the line is:

acpi_ibm_load="YES"

HP ACPI

If you use a notebook, it is better to enable the ACPI driver in /boot/loader.conf. For HP notebooks the line is:

acpi_hp_load="YES"

More : https://www.freebsd.org/cgi/man.cgi?acpi_ibm

Linux® Binary Compatibility

# kldload linux
# kldload linux64

# kldstat - you can look for modules
 1   72 0xffffffff80200000 1fa7c38  kernel
 2    1 0xffffffff821a9000 30aec0   zfs.ko
 3    2 0xffffffff824b4000 adc0     opensolaris.ko
...
23    1 0xffffffff827bc000 389f4    linux64.ko

and add line to /etc/rc.conf:
linux_enable="YES"

Troubleshooting with FreeBSD

SSH

Too many authentication failures

If you are not able to authenticate via ssh and the message “Too many authentication failures” is logged in /var/log/auth.log, you probably have more than 2 keys loaded in your ssh agent that are failing to authenticate. To solve this, unload the keys you are not using from the ssh agent (ssh-add -d path or ssh-add -D), use ssh -i path_to_key, or create an appropriate section in your ~/.ssh/config with IdentityFile.

BOOT on FreeBSD

Fatal double fault FreeBSD 10.3 - i386 , FreeBSD 11 - i386

The fatal double fault is a problem on FreeBSD - i386 with ZFS file system.

As described in /usr/src/UPDATING entry 20121223, rebuilding the kernel with options KSTACK_PAGES=4 has been observed to resolve the boot-time crash. This, however, is not an ideal solution for inclusion in the GENERIC kernel configuration, as increasing KSTACK_PAGES implicitly decreases available usermode threads in an environment that is already resource-starved.

Follow these steps to build the new kernel:

# mkdir -p /usr/src
# svnlite co svn://svn.freebsd.org/base/releng/10.2 /usr/src
# make -C /usr/src kernel-toolchain
# printf "include GENERIC\noptions KSTACK_PAGES=4\n" > /usr/src/sys/i386/conf/ZFS
# make -C /usr/src buildkernel KERNCONF=ZFS
# make -C /usr/src installkernel KERNCONF=ZFS

For FreeBSD 10.3 - More information on page https://www.freebsd.org/releases/10.3R/errata.html
For FreeBSD 11.0 - More information on page https://www.freebsd.org/releases/11.0R/errata.html

How to boot from live CD

If FreeBSD has a boot problem and the system cannot start, go back to the FreeBSD boot menu and choose option 3 (Escape to loader prompt). For help at the loader prompt use the command help or ? (list of commands); help set shows the options for the command set.

To boot from CD, the command is

set boot_cdrom (for mount filesystem)
boot

Check for mounted filesystems with the command mount. If the ZFS filesystem is not mounted, you must run this command to import the zpool:

zpool import -f zroot

How to mount disk with geli from live CD

Boot live system …

geli attach /dev/ada0p3
password: 

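This command mounts only part of the filesystem, for example /usr, /tmp and /var, but not /boot. The -R option sets /mnt as the alternate root, as in the Live CD import earlier on this page.

zpool import -f -R /mnt zroot

This command mounts the rest, including /boot: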

zfs mount zroot/ROOT/default
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International